willnorris.com

don’t lose focus

How well does your OpenID Provider stack up?

by Will Norris

There are increasingly more specs in the OpenID space, and many of the extensions rely on XRDS documents to publicize support. To help enable that, I’ve been looking to update my yadis plugin for WordPress to automatically include the correct protocol support for the major OpenID Providers. Of course, in order to do that I have to actually find out what all protocols they supported, so I pulled out JanRain’s OpenID library and began writing my script. I first checked all the different ways in which you can request an XRDS document… using a request header of Accept: application/xrds+xml, looking for a response header of X-XRDS-Location, looking in the <meta /> tags, etc. Once I had the XRDS document, I checked which protocols they advertised support for, and compiled that all into a nice little table.

See the OpenID Support Table.

The results are about what I would expect… there are just a few front-runners that are really making an effort to support the emerging technology (likely because they are also involved in authoring these new protocols). Everyone else is supporting some version of the (technically, still current) OpenID 1.x protocol and about half have also added sreg support. That same half have basic XRDS support (since it’s required for sreg), but none of them are doing more than the most basic XRDS discovery method. Only a couple of the leaders are supporting the more advanced (and much faster) XRDS discovery.

Comments and responses

sxalexander

Awesome work, this is just the kind of thing the community needs.

It would make a great starting point for the kind of community-driven provider comparison site that has been talked about on the lists.

As 2.0 gets closer to ratification, I look forward to seeing how fast things actually get adopted.

Paul Tanner
Excellent stuff. Now all we need is a basis for trusting OPs. A sort of JD Power rating. How could such a thing be created? Has this ever been done without the involvement of a commercial entity?
Weston Triemstra

Great work on the table!

Sxipper does support a draft of AX. Check out the FAQ "Where can I use Sxipper's OpenID Attribute Exchange?" at this URL: http://www.sxipper.com/faq_openid

Will Norris
@Weston: To quote what I sent to Johnny Bufu of Sxip when he noted the same thing... [quote]You are using the URI "http://openid.net/srv/ax/1.0-draft7". While the latest version of the spec does happen to be draft 7, no where does it suggest modifying the actual URI used. The spec clearly states the URI value of "http://openid.net/srv/ax/1.0", which is what my script is checking for.[/quote]
Weston Triemstra
Ah I see, you're right, the URI is not per spec. Did you try the demo the FAQ question pointed to? It might illustrate some of the UI issues and possibilities in the hCard discussion about how releasing public and private attributes can be addressed. AX could transfer the attributes which made up an hCard and then the relying party could choose to 'display' the attributes as an hCard (as Boris mentioned here: http://factoryjoe.com/blog/2007/11/01/hcard-for-openid-simple-registration-and-attribute-exchange/). AX provides the user with the ability to choose which attributes to release and doesn't release anything without their explicit consent. As you've pointed out elsewhere, when you add in support for personas, the user can then release a set of attributes representing an 'hCard' tailored for their current specific context, or release the set that makes up their public hCard.
Shauna

Great Chart and looks like your move will be a smart one. Wish I knew more about the entire Open ID subject, but I'm still learning. Will keep up here to see the progress. Keep up the good work!!

Peace!

Shauna

Love your work on the chart! I wish I knew more about Open ID, like why it just took my post away to you....arghhhh

Great info on your site and I will be checking back often, esp. regarding your change to Vidoop. (sp ?)

Keep up the great work!!